Endpoint Security Datasheet

Comprehensive single-agent security solution to protect on-premise
and remote endpoints against known and unknown threats

Traditional endpoint protection leaves gaps as it tries to address
modern threats. FireEye Endpoint Security improves security visibility
and the quality and relevance of your threat data to address these
gaps and give you:

The combination of endpoint detection and response (EDR) and other
capabilities into a single integrated FireEye solution gives analysts
the fastest possible way to inspect, search and analyze any suspicious
activity on any endpoint, enabling them to adapt a defense based on
detailed threat information in real time.

Highlights

Available to deploy in on-premise, cloud or virtual environments
along with an endpoint agent to detect, prevent and monitor local or
remote endpoint activities

Fully integrated inspection and analysis workflow with a single
endpoint agent that includes threat intelligence, behavioral analysis
and malware detection, prevention and remediation

Allows detailed endpoint investigation with complete activity
timelines within a single workflow so staff can quickly identify and
contain IOCs and other threats or suspicious activities

Search for, identify and contain threats on tens of thousands of
endpoints (connected or not) in minutes

Single interface to easily assess all endpoint activities, identify
and analyze incidents and contain them with a single click to
eliminate risk of infection

Detect and prevent hidden endpoint exploit processes

When it comes to exploit detection and prevention, traditional
endpoint protection capabilities are limited because exploits don’t
conform to a simple signature or pattern. FireEye Endpoint Security
provides flexible, data-driven exploit behavioral intelligence via a
feature called Exploit Guard. This feature also works with endpoint
detection and response (EDR), supplying information that traditional
endpoint solutions miss and using detailed FireEye-exclusive
intelligence to correlate multiple discrete activities and uncover
exploit activity.

Extend threat intelligence to every endpoint

To be effective, threat intelligence must be present at the point of
attack. The endpoint detection and response (EDR) capabilities offered
by Endpoint Security seamlessly extend threat intelligence
capabilities of other FireEye products to the endpoint. If a FireEye
product detects an attack anywhere in the network, endpoints are
automatically updated and analysts can quickly inspect and gather
details with Triage and Audit Viewer on every endpoint for IOCs.

Attain enhanced endpoint visibility

Complete endpoint visibility is critical to identifying the root
cause of an alert and conducting deep analyses of a threat to
determine its threat state. The lookback cache in Endpoint Security
allows you to inspect and analyze present and past alerts at any
endpoint for thorough forensic investigation and the best response.

Get complete endpoint coverage with malware protection

Provides integrated protection to onsite and remote endpoints with a
tamper-proof agent as well as on-access scanning (real-time) of all
file types using signatures, heuristics, generic detection and
emulation (sandbox) and on-demand (scheduled) scans for full, quick
memory and MBF scanning.

Contain compromised endpoints and prevent lateral spread

Attacks that start at an endpoint can spread quickly through your
network. After you identify an attack, Endpoint Security lets you
immediately isolate compromised devices with a single click to stop an
attack and prevent it from spreading laterally or becoming a greater
threat in some other way. You can then conduct a complete forensic
investigation of the incident without risking further infection and
take remediation action based on detailed investigation and analysis
of threat action.

How Endpoint Security works

Endpoint Security can search for and investigate known and unknown
threats on tens of thousands of endpoints in minutes. It uses FireEye
Dynamic Threat Intelligence to correlate alerts generated by FireEye
and network security products and security logs to validate a threat:

NOTE: Endpoint Security can be deployed through the cloud or as
a virtual or on-premise hardware appliance (listed below) that
protects up to 100,000 endpoints. The HX4502 can be used for either
core or DMZ deployment — the only difference is the license state of
each device; the hardware is identical.

VMware ESXi host version 6.0 or later. Earlier ESXi versions
are not supported.

VMware vSphere Client

VMware vCenter Server (recommended). When you use vSphere Client to
add virtual appliances to vCenter Server, the Deploy OVF Template
wizard provides an easy way to enter your activation code. Otherwise,
you must type it in the virtual appliance console, because you cannot
paste into this console.

VMXNET 3 network drivers

Standard virtual switch created for the monitoring ports of the
virtual appliances, and attached to a physical network adapter on
the ESXi server.